QUESTION 85Firewall administrators cannot authenticate to a firewall GUI. Which two logs on that firewall will contain authentication-related information useful in troubleshooting this issue? (Choose two.)

A. ms logB. authd logC. System logD. Traffic logE. dp-monitor log

Answer: CD

QUESTION 86Which option is an IPv6 routing protocol?

A. RIPv3B. OSPFv3C. OSPv3D. BGP NG

Answer: B

QUESTION 87A network security engineer has a requirement to allow an external server to access an internal web server. The internal web server must also initiate connections with the external server.What can be done to simplify the NAT policy?

A. Configure ECMP to handle matching NAT trafficB. Configure a NAT Policy rule with Dynamic IP and PortC. Create a new Source NAT Policy rule that matches the existing traffic and enable the Bi- directional optionD. Create a new Destination NAT Policy rule that matches the existing traffic and enable the Bi-directional option

QUESTION 89A Network Administrator wants to deploy a Large Scale VPN solution. The Network Administrator has chosen a GlobalProtect Satellite solution. This configuration needs to be deployed to multiple remote offices and the Network Administrator decides to use Panorama to deploy the configurations.How should this be accomplished?

A. Create a Template with the appropriate IKE Gateway settingsB. Create a Template with the appropriate IPSec tunnel settingsC. Create a Device Group with the appropriate IKE Gateway settingsD. Create a Device Group with the appropriate IPSec tunnel settings

QUESTION 92What are two prerequisites for configuring a pair of Palo Alto Networks firewalls in an active/passive High Availability (HA) pair? (Choose two.)

A. The firewalls must have the same set of licenses.B. The management interfaces must to be on the same network.C. The peer HA1 IP address must be the same on both firewalls.D. HA1 should be connected to HA1. Either directly or with an intermediate Layer 2 device.

Answer: AC

QUESTION 93Which three rule types are available when defining policies in Panorama? (Choose three.)

QUESTION 94A network design calls for a “router on a stick” implementation with a PA-5060 performing inter-VLAN routing All VLAN-tagged traffic will be forwarded to the PA-5060 through a single dot1q trunk interfaceWhich interface type and configuration setting will support this design?

QUESTION 97Several offices are connected with VPNs using static IPV4 routes.An administrator has been tasked with implementing OSPF to replace static routing.Which step is required to accoumplish this goal?

A. Assign an IP address on each tunnel interface at each siteB. Enable OSPFv3 on each tunnel interface and use Area ID 0.0.0.0C. Assign OSPF Area ID 0.0.0.0 to all Ethernet and tunnel interfacesD. Create new VPN zones at each site to terminate each VPN connection

QUESTION 99Several offices are connected with VPNs using static IPv4 routes. An administrator has been tasked with implementing OSPF to replace static routing.Which step is required to accomplish this goal?

A. Assign an IP address on each tunnel interface at each siteB. Enable OSPFv3 on each tunnel interface and use Area ID 0.0.0.0C. Assign OSPF Area ID 0.0.0.0 to all Ethernet and tunnel interfacesD. Create new VPN zones at each site to terminate each VPN connection

Answer: C

QUESTION 100People are having intermittent quality issues during a live meeting via web application.

A. Use QoS profile to define QoS ClassesB. Use QoS Classes to define QoS ProfileC. Use QoS Profile to define QoS Classes and a QoS PolicyD. Use QoS Classes to define QoS Profile and a QoS Policy

Answer: C

QUESTION 101When is it necessary to activate a license when provisioning a new Palo Alto Networks firewall?